Make clientID and clientSecret optional in ExchangeOAuthCodeForAccessToken()
markschmid opened this issue · 6 comments
I think the method ExchangeOAuthCodeForAccessToken() is not taking care of the optional params clientID
and clientSecret
. I'm using the values "" (my take of optional), yet the response of FA is:
The request is missing a required parameter: client_id missing_client_id
Remark: In Line
go-client/pkg/fusionauth/Client.go
Line 1272 in ca7d656
The /oauth2/token
endpoint does not accept an API key, this is why it is using the StartAnonymous
.
The way the method is constructed, the client_id
and client_secret
are required. The Authorization
header that is referred to in the comment is the HTTP Basic Authorization header which would use the client_id
and client_secret
in an authorization header instead of the request body.
We could update the comment since this usage does not use the HTTP Basic Authorization for client authentication.
Is there a reason you can't pass the client_id
and client_secret
as arguments to this method?
Thanks for the clarification. Reading the „optional“ lead to false conclusions on my side.
You're welcome, yes, the wording was confusing. I have updated that in commit FusionAuth/fusionauth-client-builder@32ae5b8 and dbc3c6c.
Assuming we can close out this issue?
Absolutely, thanks again!